Re: [TLS] debugging tools [was: Industry Concerns about TLS 1.3]

Hubert Kario <hkario@redhat.com> Fri, 23 September 2016 13:41 UTC

Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3956312BCA6 for <tls@ietfa.amsl.com>; Fri, 23 Sep 2016 06:41:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.238
X-Spam-Level:
X-Spam-Status: No, score=-9.238 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.316, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8alJK0FiQEQp for <tls@ietfa.amsl.com>; Fri, 23 Sep 2016 06:41:33 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D76212BC11 for <tls@ietf.org>; Fri, 23 Sep 2016 06:41:21 -0700 (PDT)
Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 2924144829; Fri, 23 Sep 2016 13:41:21 +0000 (UTC)
Received: from pintsize.usersys.redhat.com (dhcp-0-191.brq.redhat.com [10.34.0.191]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u8NDfJpA021124 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 23 Sep 2016 09:41:20 -0400
From: Hubert Kario <hkario@redhat.com>
To: tls@ietf.org
Date: Fri, 23 Sep 2016 15:41:14 +0200
Message-ID: <1948820.OppVitlkjc@pintsize.usersys.redhat.com>
User-Agent: KMail/5.3.1 (Linux/4.7.3-200.fc24.x86_64; KDE/5.26.0; x86_64; ; )
In-Reply-To: <c1c32cd8-98df-7d51-bcce-d217bbcd5e74@cs.tcd.ie>
References: <DM5PR11MB1419B782D2BEF0E0A35E420DF4C90@DM5PR11MB1419.namprd11.prod.outlook.com> <1474627597.2773.14.camel@redhat.com> <c1c32cd8-98df-7d51-bcce-d217bbcd5e74@cs.tcd.ie>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart70226811.fIu4C27NZ1"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Fri, 23 Sep 2016 13:41:21 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/DOf1_RrohiGGHDpKMkbvSytuLsc>
Subject: Re: [TLS] debugging tools [was: Industry Concerns about TLS 1.3]
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Sep 2016 13:41:52 -0000

On Friday, 23 September 2016 11:59:31 CEST Stephen Farrell wrote:
> On 23/09/16 11:46, Nikos Mavrogiannopoulos wrote:
> > On Fri, 2016-09-23 at 09:05 +0100, Stephen Farrell wrote:
> >> On 22/09/16 19:36, Yuhong Bao wrote:
> >>> This also reminds me of https://bugzilla.mozilla.org/show_bug.cgi?i
> >>> d=1188657
> >> 
> >> Yuk. Prioritising the needs of those debugging networks
> >> over the maybe 5-6 orders of magnitude more folks using
> >> them is ass-backwards IMO. That result looks to me like
> >> a very bad decision if I'm following it correctly.
> > 
> > That's a very different concern than the one asked by BITS security,
> > and is IMO a very valid one. Running any protocol under TLS wouldn't
> > mean that debugging is very hard or impossible for the one running the
> > protocol. Administrators debug and trace protocols every day to figure
> > out failures (that's why we have advanced tools like wireshark). Making
> > it hard for them to use these tools isn't increasing security; it is
> > only making their life harder.
> 
> Sure. But their/our lives sometimes should be a bit harder
> to make things safer for the vast bulk of people using the
> networks/applications we're developing. As with everything,
> there's a balance needed. In this case, I think the wrong
> decision was reached.

those secret keys are on the client machines and they will stay on client 
machines

making it hard to extract master key from process memory is just security 
through obscurity, not something that will stop a determined attacker

*cough*LD_PRELOAD*cough*
-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic